SentinelOne
CVE Vulnerability Database
Vulnerability Database/CVE-2024-6763

CVE-2024-6763: Eclipse Jetty HttpURI SSRF Vulnerability

CVE-2024-6763 is an SSRF vulnerability in Eclipse Jetty's HttpURI class caused by insufficient authority validation. Attackers can exploit browser parsing differences for open redirects or SSRF attacks. This article covers technical details, affected versions, impact assessment, and mitigation strategies.

Updated:

CVE-2024-6763 Overview

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. This behavior differs from common browsers in handling URIs that would be considered invalid if fully validated against the RRC. Specifically, HttpURI and browsers may differ on the value of the host extracted from an invalid URI, potentially leading to open redirection or SSRF if the URI is used post-validation checks.

Critical Impact

The vulnerability can lead to open redirect and SSRF attacks, affecting data integrity.

Affected Products

  • eclipse jetty

Discovery Timeline

  • 2024-10-14 - CVE 2024-6763 published to NVD
  • 2025-07-10 - Last updated in NVD database

Technical Details for CVE-2024-6763

Vulnerability Analysis

The vulnerability occurs due to improper validation in the HttpURI class, which can lead to discrepancies between HttpURI and browser-parsed URIs. This opens the potential for an attacker to exploit differences and redirect or read server-side resources inappropriately.

Root Cause

The root cause is inadequate parsing and validation of the authority segment in URIs by the HttpURI class of Eclipse Jetty.

Attack Vector

The attack vector is network-based, allowing remote attackers to exploit the URI parsing logic if the targeted application relies on HttpURI.

java
// Example code snippet that may be affected by the vulnerability
HttpURI uri = new HttpURI("http://example.com:80");
System.out.println(uri.getHost()); // May differ from browser interpretation

Detection Methods for CVE-2024-6763

Indicators of Compromise

  • Unexpected redirects in network traffic
  • Anomalies in server logs corresponding to user-requested URIs

Detection Strategies

Monitor network traffic for unusual redirect patterns and compare parsed URI components between server and client requests.

Monitoring Recommendations

Implement logging for HttpURI usage and analyze discrepancies in host parsing logs compared to standard browsers.

How to Mitigate CVE-2024-6763

Immediate Actions Required

  • Update to the latest patched version of Eclipse Jetty
  • Review and audit application code using HttpURI

Patch Information

Refer to the vendor advisory for patch details: Eclipse Jetty Security Advisory.

Workarounds

Implement strict URI parsing and validation before processing.

bash
# Example configuration to enhance URI validation safety
echo "Implement custom URI validation checks to prevent exploitation"

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne